Mail Archives: cygwin/2003/04/09/19:09:43
Andrew DeFaria wrote:
> Greg Kremer wrote:
>
>> Rob,
>> Thanks a million. That fix works.
>>
>> Thanks again for your expertise.
>>
>> Greg Kremer
>>
>> rob2 AT siklos DOT ca wrote:
>>
>>> Go to the properties windows for your internet connection, and click
>>> on the Advanced tab. Here is where you probably enabled your
>>> firewall. Click on the Settings button and add a new service in the
>>> Services tab. In the name/ip address field, put the name of your
>>> computer. Put 6000 for both port numbers, and use TCP (I think).
>>> Before you click Ok, make sure you check the box for the service you
>>> just added.
>>
>>
> It's amazing how quick people are to say "it doesn't work" without first
> checking around a little bit. My first inclination when I hit a problem
> like this was to try the Settings button and lo and behold there it was,
> plain as day, how to add a "service" by a port number.
>
> Anyway, one thing that is a little confusing to me is the "In the
> name/ip address field, put the name of your computer" portion. It is
> clear that we are talking about two different computers here, his XP
> machine and his Unix box. So which name goes in that field? The
> description says "Name or IP address (for example 192.168.0.12) of the
> computer hosting this service on your network" and the "What's this?"
> help you can get to by right clicking on that description says "Provides
> a space for you to type the name or IP address of the computer on your
> home network where the service resides.". So I would think that you put
> in the name or IP address of the Unix box.
>
The "... put the name of your computer" input box is there because you
can do some kind of DNAT with this "firewall". I.e. if this computer
does internet connection sharing for your local network, you can make
services running on boxes that don't have a public address publicly
available by entering their local name or IP into this field. It has
nothing to do with who might be allowed to connect to your computer and
who might be rejected.

> In fact I did this very same thing allowing a Linux box on my home
> network to display an XDMCP session to my Cygwin XFree86 server running
> on my XP box. But my question is this: Can only my Linux box with this
> IP address put up X traffic through this firewall? IOW if I get another
> Linux box with another IP address would I need to add another entry here
> for port 6000 from that IP address? Or can this Name/IP address be an IP
> range?
>
No, as said above, the source of packets coming in does not matter. If
you start the "firewall" all incoming packets that don't belong to an
established connection (I'm not exact here, I think) are dropped. If you
want to allow connections to a port on this machine, you enter the name
of this machine in the input field (the name of your local machine
should appear there when you edit one of the predefined services). If
you want to make DNAT, you enter the name or IP of the machine the
packets should be sent to.

I think this gets (if just a tiny, tiny little bit) off topic...

Regards
mks